[USBPORT][USBHUB] Improve Unplug and Plugin stability (reactos#8624)

DarkFire01 · web-flow · commit eb154533af04 · 2026-01-26T19:55:44.000Z
Dramatically improves stability when unplugging a bunch of devices at once (Except storage obviously)
and implements primitive ESD handling.
diff --git a/drivers/usb/usbhub/power.c b/drivers/usb/usbhub/power.c
@@ -72,6 +72,33 @@ USBH_HubESDRecoverySetD3Completion(IN PDEVICE_OBJECT DeviceObject,
                FALSE);
 }
 
+VOID
+NTAPI
+USBH_HubESDRecoverySetD0Completion(IN PDEVICE_OBJECT DeviceObject,
+                                   IN UCHAR MinorFunction,
+                                   IN POWER_STATE PowerState,
+                                   IN PVOID Context,
+                                   IN PIO_STATUS_BLOCK IoStatus)
+{
+    PUSBHUB_FDO_EXTENSION HubExtension = (PUSBHUB_FDO_EXTENSION)Context;
+
+    DPRINT("USBH_HubESDRecoverySetD0Completion: HubExtension - %p\n", HubExtension);
+
+    if (HubExtension && NT_SUCCESS(IoStatus->Status))
+    {
+        /* Clear the ESD recovery flag after successful power cycle */
+        HubExtension->HubFlags &= ~USBHUB_FDO_FLAG_ESD_RECOVERING;
+        DPRINT("USBH_HubESDRecoverySetD0Completion: ESD recovery completed\n");
+    }
+    else if (HubExtension)
+    {
+        /* If D0 transition failed, clear the flag anyway to allow retry */
+        HubExtension->HubFlags &= ~USBHUB_FDO_FLAG_ESD_RECOVERING;
+        DPRINT1("USBH_HubESDRecoverySetD0Completion: ESD recovery failed with status 0x%08lx\n",
+                IoStatus->Status);
+    }
+}
+
 NTSTATUS
 NTAPI
 USBH_HubSetD0(IN PUSBHUB_FDO_EXTENSION HubExtension)
@@ -130,6 +157,70 @@ USBH_HubSetD0(IN PUSBHUB_FDO_EXTENSION HubExtension)
     return Status;
 }
 
+NTSTATUS
+NTAPI
+USBH_HubStartESDRecovery(IN PUSBHUB_FDO_EXTENSION HubExtension)
+{
+    PUSBHUB_FDO_EXTENSION RootHubDevExt;
+    NTSTATUS Status;
+    KEVENT Event;
+    POWER_STATE PowerState;
+
+    DPRINT("USBH_HubStartESDRecovery: HubExtension - %p\n", HubExtension);
+
+    RootHubDevExt = USBH_GetRootHubExtension(HubExtension);
+
+    if (RootHubDevExt->SystemPowerState.SystemState != PowerSystemWorking)
+    {
+        Status = STATUS_INVALID_DEVICE_STATE;
+        HubExtension->HubFlags &= ~USBHUB_FDO_FLAG_ESD_RECOVERING;
+        return Status;
+    }
+
+    KeInitializeEvent(&Event, NotificationEvent, FALSE);
+
+    /* First, set the hub to D3 (power off) */
+    PowerState.DeviceState = PowerDeviceD3;
+
+    Status = PoRequestPowerIrp(HubExtension->LowerPDO,
+                               IRP_MN_SET_POWER,
+                               PowerState,
+                               USBH_HubESDRecoverySetD3Completion,
+                               &Event,
+                               NULL);
+    if (Status == STATUS_PENDING)
+    {
+        Status = KeWaitForSingleObject(&Event,
+                                       Suspended,
+                                       KernelMode,
+                                       FALSE,
+                                       NULL);
+    }
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("USBH_HubStartESDRecovery: Failed to set D3, Status - %lX\n", Status);
+        HubExtension->HubFlags &= ~USBHUB_FDO_FLAG_ESD_RECOVERING;
+        return Status;
+    }
+
+    /* Now set it back to D0 (power on) to complete the recovery */
+    PowerState.DeviceState = PowerDeviceD0;
+
+    Status = PoRequestPowerIrp(HubExtension->LowerPDO,
+                               IRP_MN_SET_POWER,
+                               PowerState,
+                               USBH_HubESDRecoverySetD0Completion,
+                               HubExtension,
+                               NULL);
+    if (!NT_SUCCESS(Status) && Status != STATUS_PENDING)
+    {
+        DPRINT1("USBH_HubStartESDRecovery: Failed to set D0, Status - %lX\n", Status);
+        HubExtension->HubFlags &= ~USBHUB_FDO_FLAG_ESD_RECOVERING;
+    }
+
+    return Status;
+}
+
 VOID
 NTAPI
 USBH_IdleCancelPowerHubWorker(IN PUSBHUB_FDO_EXTENSION HubExtension,
diff --git a/drivers/usb/usbhub/usbhub.c b/drivers/usb/usbhub/usbhub.c
@@ -2234,8 +2234,10 @@ USBH_ChangeIndicationWorker(IN PUSBHUB_FDO_EXTENSION HubExtension,
     {
         HubExtension->HubFlags |= USBHUB_FDO_FLAG_ESD_RECOVERING;
 
-        DPRINT1("USBH_ChangeIndicationWorker: USBHUB_FDO_FLAG_ESD_RECOVERING FIXME\n");
-        DbgBreakPoint();
+        DPRINT("USBH_ChangeIndicationWorker: Starting ESD recovery\n");
+
+        /* Initiate ESD recovery: power cycle the hub (D3 -> D0) */
+        USBH_HubStartESDRecovery(HubExtension);
 
         goto Exit;
     }
diff --git a/drivers/usb/usbhub/usbhub.h b/drivers/usb/usbhub/usbhub.h
@@ -335,6 +335,11 @@ NTAPI
 USBH_HubSetD0(
   IN PUSBHUB_FDO_EXTENSION HubExtension);
 
+NTSTATUS
+NTAPI
+USBH_HubStartESDRecovery(
+  IN PUSBHUB_FDO_EXTENSION HubExtension);
+
 NTSTATUS
 NTAPI
 USBH_FdoPower(
diff --git a/drivers/usb/usbport/endpoint.c b/drivers/usb/usbport/endpoint.c
@@ -410,9 +410,17 @@ USBPORT_SetEndpointState(IN PUSBPORT_ENDPOINT Endpoint,
         Endpoint->FrameNumber = Packet->Get32BitFrameNumber(FdoExtension->MiniPortExt);
         KeReleaseSpinLock(&FdoExtension->MiniportSpinLock, OldIrql);
 
-        ExInterlockedInsertTailList(&FdoExtension->EpStateChangeList,
-                                    &Endpoint->StateChangeLink,
-                                    &FdoExtension->EpStateChangeSpinLock);
+        KIRQL StateChangeOldIrql;
+        KeAcquireSpinLock(&FdoExtension->EpStateChangeSpinLock, &StateChangeOldIrql);
+
+        if (Endpoint->StateChangeLink.Flink == NULL &&
+            Endpoint->StateChangeLink.Blink == NULL)
+        {
+            InsertTailList(&FdoExtension->EpStateChangeList,
+                          &Endpoint->StateChangeLink);
+        }
+
+        KeReleaseSpinLock(&FdoExtension->EpStateChangeSpinLock, StateChangeOldIrql);
 
         KeAcquireSpinLock(&FdoExtension->MiniportSpinLock, &OldIrql);
         Packet->InterruptNextSOF(FdoExtension->MiniPortExt);
@@ -506,6 +514,24 @@ USBPORT_DeleteEndpoint(IN PDEVICE_OBJECT FdoDevice,
 
     FdoExtension = FdoDevice->DeviceExtension;
 
+    /* 
+     * Remove endpoint from EpStateChangeList if it's still there.
+     * This prevents the DPC handler from accessing a deleted endpoint.
+     */
+    KIRQL StateChangeOldIrql;
+    KeAcquireSpinLock(&FdoExtension->EpStateChangeSpinLock, &StateChangeOldIrql);
+
+    if (Endpoint->StateChangeLink.Flink != NULL &&
+        Endpoint->StateChangeLink.Blink != NULL)
+    {
+        RemoveEntryList(&Endpoint->StateChangeLink);
+    }
+    
+    Endpoint->StateChangeLink.Flink = NULL;
+    Endpoint->StateChangeLink.Blink = NULL;
+    
+    KeReleaseSpinLock(&FdoExtension->EpStateChangeSpinLock, StateChangeOldIrql);
+
     if ((Endpoint->WorkerLink.Flink && Endpoint->WorkerLink.Blink) ||
         Endpoint->LockCounter != -1)
     {
diff --git a/drivers/usb/usbport/usbport.c b/drivers/usb/usbport/usbport.c
@@ -961,63 +961,98 @@ USBPORT_IsrDpcHandler(IN PDEVICE_OBJECT FdoDevice,
         return;
     }
 
-    for (List = ExInterlockedRemoveHeadList(&FdoExtension->EpStateChangeList,
-                                            &FdoExtension->EpStateChangeSpinLock);
-         List != NULL;
-         List = ExInterlockedRemoveHeadList(&FdoExtension->EpStateChangeList,
-                                            &FdoExtension->EpStateChangeSpinLock))
-    {
+    /* Process the state change list.
+     * - Always process the list (don't flush during suspend)
+     * - If controller is suspended/off, mark endpoints as ready immediately
+     * - Don't request interrupts if suspended */
+    KeAcquireSpinLockAtDpcLevel(&FdoExtension->EpStateChangeSpinLock);
+    List = FdoExtension->EpStateChangeList.Flink;
+    while (List != &FdoExtension->EpStateChangeList)
+    {
+        BOOLEAN EndpointReady = FALSE;
+        PLIST_ENTRY NextList;
+        BOOLEAN ControllerSuspended;
+
         Endpoint = CONTAINING_RECORD(List,
                                      USBPORT_ENDPOINT,
                                      StateChangeLink);
 
         DPRINT_CORE("USBPORT_IsrDpcHandler: Endpoint - %p\n", Endpoint);
 
-        KeAcquireSpinLockAtDpcLevel(&Endpoint->EndpointSpinLock);
+        /* Save the next entry before we potentially remove this one */
+        NextList = List->Flink;
 
-        KeAcquireSpinLockAtDpcLevel(&FdoExtension->MiniportSpinLock);
-        FrameNumber = Packet->Get32BitFrameNumber(FdoExtension->MiniPortExt);
-        KeReleaseSpinLockFromDpcLevel(&FdoExtension->MiniportSpinLock);
+        /* Check if controller is suspended/off  */
+        ControllerSuspended = (FdoExtension->Flags & USBPORT_FLAG_HC_SUSPEND) != 0 ||
+                              (FdoExtension->CommonExtension.DevicePowerState == PowerDeviceD3);
 
-        if (FrameNumber <= Endpoint->FrameNumber &&
-            !(Endpoint->Flags & ENDPOINT_FLAG_NUKE))
+        if (ControllerSuspended)
+        {
+            /* Controller is suspended/off - mark endpoint as ready immediately */
+            EndpointReady = TRUE;
+        }
+        else
         {
-            KeReleaseSpinLockFromDpcLevel(&Endpoint->EndpointSpinLock);
-
-            ExInterlockedInsertHeadList(&FdoExtension->EpStateChangeList,
-                                        &Endpoint->StateChangeLink,
-                                        &FdoExtension->EpStateChangeSpinLock);
-
             KeAcquireSpinLockAtDpcLevel(&FdoExtension->MiniportSpinLock);
-            Packet->InterruptNextSOF(FdoExtension->MiniPortExt);
+            FrameNumber = Packet->Get32BitFrameNumber(FdoExtension->MiniPortExt);
             KeReleaseSpinLockFromDpcLevel(&FdoExtension->MiniportSpinLock);
 
-            break;
+            /* Check if the endpoint is ready to be processed */
+            if (FrameNumber > Endpoint->FrameNumber ||
+                (Endpoint->Flags & ENDPOINT_FLAG_NUKE))
+            {
+                EndpointReady = TRUE;
+            }
         }
 
-        KeReleaseSpinLockFromDpcLevel(&Endpoint->EndpointSpinLock);
 
-        KeAcquireSpinLockAtDpcLevel(&Endpoint->StateChangeSpinLock);
-        Endpoint->StateLast = Endpoint->StateNext;
-        KeReleaseSpinLockFromDpcLevel(&Endpoint->StateChangeSpinLock);
+        if (EndpointReady)
+        {
+            /* Endpoint is ready - remove it from the list and process it */
+            RemoveEntryList(&Endpoint->StateChangeLink);
+            Endpoint->StateChangeLink.Flink = NULL;
+            Endpoint->StateChangeLink.Blink = NULL;
 
-        DPRINT_CORE("USBPORT_IsrDpcHandler: Endpoint->StateLast - %x\n",
-                    Endpoint->StateLast);
+            KeAcquireSpinLockAtDpcLevel(&Endpoint->StateChangeSpinLock);
+            Endpoint->StateLast = Endpoint->StateNext;
+            KeReleaseSpinLockFromDpcLevel(&Endpoint->StateChangeSpinLock);
 
-        if (IsDpcHandler)
-        {
-            USBPORT_InvalidateEndpointHandler(FdoDevice,
-                                              Endpoint,
-                                              INVALIDATE_ENDPOINT_ONLY);
+            DPRINT_CORE("USBPORT_IsrDpcHandler: Endpoint->StateLast - %x\n",
+                        Endpoint->StateLast);
+            
+            KeReleaseSpinLockFromDpcLevel(&FdoExtension->EpStateChangeSpinLock);
+
+            if (IsDpcHandler)
+            {
+                USBPORT_InvalidateEndpointHandler(FdoDevice,
+                                                  Endpoint,
+                                                  INVALIDATE_ENDPOINT_ONLY);
+            }
+            else
+            {
+                USBPORT_InvalidateEndpointHandler(FdoDevice,
+                                                  Endpoint,
+                                                  INVALIDATE_ENDPOINT_WORKER_THREAD);
+            }
+
+            KeAcquireSpinLockAtDpcLevel(&FdoExtension->EpStateChangeSpinLock);
         }
-        else
+        else if (!ControllerSuspended)
         {
-            USBPORT_InvalidateEndpointHandler(FdoDevice,
-                                              Endpoint,
-                                              INVALIDATE_ENDPOINT_WORKER_THREAD);
+            /* Endpoint is not ready yet - leave it in the list and request interrupt.
+             * Don't request interrupts if controller is suspended. */
+            KeAcquireSpinLockAtDpcLevel(&FdoExtension->MiniportSpinLock);
+            Packet->InterruptNextSOF(FdoExtension->MiniPortExt);
+            KeReleaseSpinLockFromDpcLevel(&FdoExtension->MiniportSpinLock);
         }
+        /* If suspended and not ready, leave it in list but don't request interrupt */
+
+        /* Move to the next entry */
+        List = NextList;
     }
 
+    KeReleaseSpinLockFromDpcLevel(&FdoExtension->EpStateChangeSpinLock);
+
     if (IsDpcHandler)
     {
         USBPORT_DpcHandler(FdoDevice);

Original file line number	Diff line number	Diff line change
`@@ -2234,8 +2234,10 @@ USBH_ChangeIndicationWorker(IN PUSBHUB_FDO_EXTENSION HubExtension,`
`2234`	`2234`	`{`
`2235`	`2235`	`HubExtension->HubFlags \|= USBHUB_FDO_FLAG_ESD_RECOVERING;`
`2236`	`2236`
`2237`		`- DPRINT1("USBH_ChangeIndicationWorker: USBHUB_FDO_FLAG_ESD_RECOVERING FIXME\n");`
`2238`		`- DbgBreakPoint();`
	`2237`	`+ DPRINT("USBH_ChangeIndicationWorker: Starting ESD recovery\n");`
	`2238`	`+`
	`2239`	`+ /* Initiate ESD recovery: power cycle the hub (D3 -> D0) */`
	`2240`	`+ USBH_HubStartESDRecovery(HubExtension);`
`2239`	`2241`
`2240`	`2242`	`goto Exit;`
`2241`	`2243`	`}`